4692 matches found
Icblogger.txt
Icblogger = "YID" Remote Blind SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Usage : http://www.target.com/path/devam.asp?YID=-...
icblogger v2 (YID) Remote SQL Injection Vulnerability
No description provided by source. Icblogger = "YID" Remote Blind SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Usage :...
CubeCart <= 3.0.11 (oid) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== CubeCart this works against MySQL =4.1 allowing subs -------------------------------------------------------------------------------- '; / short explaination: software site:...
CubeCart 3.0.11 - 'oid' Blind SQL Injection
!/usr/bin/php -q -d shortopentag=on this works against MySQL =4.1 allowing subs -------------------------------------------------------------------------------- '; / short explaination: software site: http://www.cubecart.com/site/home/ same kind of sql injection of...
ATutor 1.5.3.1 - links Blind SQL Injection
ATutor 1.5.3.1 - links Blind SQL Injection !/usr/bin/php -q -d shortopentag=on = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 echo "Usage: php ".$argv0." host path user pass...
ATutor <= 1.5.3.1 (links) Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ ATutor = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 ec...
ATutor 1.5.3.1 - 'links' Blind SQL Injection
!/usr/bin/php -q -d shortopentag=on = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 echo "Usage: php ".$argv0." host path user pass OPTIONS\r\n"; echo "host: target server...
X7 Chat 2.0.4 - old_prefix Blind SQL Injection
X7 Chat 2.0.4 - oldprefix Blind SQL Injection !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; i...
geoauctionsSQL.txt
------=Part10286255599.1153211407989 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Be kind to publish it quickly, Regards, Angel Team NewAngels Advisory 12 GeoAuctions Enterprise & Others - Blind SQL Injection Vulnerability...
Eskolar CMS 0.9.0.0 Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Eskolar CMS 0.9.0.0 Remote Blind SQL Injection Exploit ======================================================...
Eskolar CMS 0.9.0.0 - Blind SQL Injection
Eskolar CMS 0.9.0.0 - Blind SQL Injection ================================================================================================== !/usr/bin/perl use IO::Socket; ==================================================================================================...
Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Mambo = 4.6rc1 'Weblinks' blind SQL injection / admin credentials\r\n"; echo "disclosure exploit ii quicker and more effective version, but it floods\r\n"; echo "admin of links submissions...\r\n"; echo "by rgod...
Joomla! 1.0.9 - Weblinks Blind SQL Injection
Joomla! 1.0.9 - Weblinks Blind SQL Injection !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$stri...
Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Mambo mysqld --log=mambo.txt now login, go to "Submit Weblink" feature, in "Name: " field type: 99999' UNION SELECT IF ASCIISUBSTRINGpassword,1,1=0 & 1, benchmark200000000,CHAR0,0 FROM...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works...
blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================================== blur6ex = 0.3.462 ID Admin Disclosure / Blind SQL Injection Exploit ====================================================================== !/usr/bin/php -q -d...
blur6ex 0.3.462 - 'ID' Admin Disclosure / Blind SQL Injection
!/usr/bin/php -q -d shortopentag=on ? echo "blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by blur6ex"\r\n\r\n"; / works regardless of php.ini settings /...
[Full-disclosure] Dokeos 1.6.4 SQL Injection Vulnerability
Dokeos 1.6.4 SQL Injection Vulnerability Author: Alvaro Olavarria [email protected] Affected: Dokeos = 1.6.4 Status: Notified hereby Vendor url: http://www.dokeos.com Background. Dokeos is an Open Source elearning and course management web application translated in 34 languages and helping mor...
Vegadns blind sql injection and cross site scripting
Author : Ph03n1X email : [email protected] site : http://kandangjamur.net/ vendor : www.vegadns.org version: 0.99 XSS ---- PoC : http://exam.com/vegadns/index.php?VDNSSessid=m42644r75o1eg4f7mb7e4rnpg7&message=3Ch13E3Cmarquee3Ealoo3C/marquee3E3C/h13E Vulnerable script is located in index.php...
MAXDEV CMS Multiple vulnerabilities
Full Path disclosure --------------------- This hole is caused by direct access to file includes/legacy.php not protected PoC : http://site.co.id/maxdev/includes/legacy.php Fix : Turn off display error in php.ini can fix this security issue Blind sql inject ----------------- This hole is caused b...